MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e93ea58602fabb383b5624b79dd683dceaff52b89f0765dc66be19d938348718. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e93ea58602fabb383b5624b79dd683dceaff52b89f0765dc66be19d938348718
SHA3-384 hash: d498b1c094a18f94b305d8af5aad5dea6175e33308953df5a8f326eccf00a6844c60fa6ba2a40544b0d3718f70bdd562
SHA1 hash: c9e6ddcc45e1863f9a9d7af029405930195222ba
MD5 hash: 4d671914c18a270bf0cb627e82729957
humanhash: mobile-vegan-thirteen-minnesota
File name:PO.485791.pif
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-06-03 13:09:48 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 08acba2585cf51e1dbb513208b941174 (2 x GuLoader)
ssdeep 1536:ej6SPfxV40ypJ5n+NyskgrKHxLdGKc+o0FDHdZ1gIEZdNxMpNjDkWdm4NVFqm:ejrPXmYyOKVdhjFD9zoLNyRfNjb
Threatray 1'036 similar samples on MalwareBazaar
TLSH 20B38C07ED4C8913D1444BBD3D278E793B1DA80D08419FEFB4796E9BAEB16412CAB11E
Reporter abuse_ch
Tags:GuLoader pif


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: izujin-jp.com
Sending IP: 45.95.168.182
From: enquiry@izujin-jp.com
Subject: Re:Re:Re:PO.485791
Attachment: PO.485791.pif

GuLoader payload URL:
https://conveyancing.pro/wp-admin/js/widget/o_auFSDvLmyQ147.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6296/
Detection(s):
Win.Dropper.NetWire-7996875-0
Create hunting rule

Win.Malware.Razy-7997182-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Razy
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 01:23:43 UTC
AV detection:
19 of 31 (61.29%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5e7klbqc7k5tqo2wes3z3vud3tvp6uvyt4dwlxdgxym5sobuq4ma._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
17f52dbf63e20cb471e6da579551830186446d814a14162ec3569c62fb6f0771
GuLoader
1acd132956421229e7c8fabb1001381956ff135d042b339f2871763498896d9e
GuLoader
3e3529db8cde73fcdb792f6414ebe6fb9a6ec5ba5cf5f503376a795387b2020e
GuLoader
474233cdd3d96bddb9f6733b5345cd411ed3bc141f462d77849f1294900b0aac
GuLoader
97d8ae62cb751e857b04d9eaa68ee2acce3d7243009bdb04639a729cdfc7cbf3
GuLoader
983a50787533f7fb48c7aeccfe0cc8ea3b16a76a39b22a1668ef800ed56556f6
GuLoader
bc7549c1281f3ce45abcaad7408522374c97421e9031998b7959bd5e59b27a93
GuLoader
ca1db184290b274c1f78b091bf019926fa258dd8b1f5bb316a55832aec970338
GuLoader
f9389b3ae99666514bbe467217ebd46597e6d2e919f105697a152afe1da73e18
GuLoader
ffa86315bf2626a0d898bfb87783206ab4cb64b9b4c645661c644f717052ddf9
GuLoader
+ 1'026 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-yt2vv5zcq2/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe e93ea58602fabb383b5624b79dd683dceaff52b89f0765dc66be19d938348718

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/376009/
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6296/

Comments